Burton Group’s Pete Lindstrom lays down the law for protecting virtual infrastructures.

Security Benefits of Virtualization

There is growing confusion and debate about the net positive and negative security aspects of virtual environments. On one side is the notion of isolating resources into purpose-built virtual machines that limit the consequences of attacks. On the other side are researchers who exploit the technology and abuse its functionality, and who demonstrate significant risks.

Shared content and resources are the bane of the security professional’s existence; most of that professional’s time is spent collecting, logically categorizing, grouping and then separating resources. Sometimes this grouping is done by business unit and sometimes by other means, such as the classification of the content.

A virtual environment can provide a means for separation of program resources and content that enhances security. Shared resources also share risk at the aggregate level. Separating resources and content allows for stronger protection of higher-risk resources and reduces the overall impact of a compromise. A number of valuable use cases might come out of this. For example:

· A single application or set of applications could be run in a virtual machine guest (or compartment) separate from all other applications.

· A consultant working for two different companies could do work for each client in a separate virtual machine.

· Someone working on a personal computer could use one virtual machine for business activities and another for personal finances and homework.

User behavior can vary widely across a spectrum from strong risk tolerance to strong risk aversion, and it can change in a matter of minutes. This creates a problem: risk-tolerant behavior affects resources that have risk-averse requirements. An isolated temporary environment can provide a way to allow risk-tolerant behavior without significantly impacting the risk-sensitive resources.

One technique for virtual environments involves creating a “sandbox” virtual machine and using it for risky activities. Assuming the content being created and the changes being made are insignificant in the long term, a user can “turn back time” to a point where the virtual machine was known good, typically by reverting to the standard image. The obvious use for such a configuration is on shared systems like training systems and kiosks, where it allows maximum flexibility on the user side without creating any long-term damage.

The sandbox scenario also provides an obvious case where streamlined recoverability is useful. In fact, the more frequent the reversion to a known-good state, the lower the potential for harmful consequences.

Virtual machines can also be multiplied and distributed in many different ways. This flexibility is a boon to disaster recovery specialists looking for ways to increase availability. Maintaining replicated environments that are physically separate and creating images that can be quickly recovered contributes to the overall availability of the resources.